There is an issue that more than one VMCache server can run with same
vm_cache_endpoint file together.
The cause is factory try to remove vm_cache_endpoint file before VMCache
server runs.
Change it to check if vm_cache_endpoint file exists before VMCache server
runs to handle the issue.
Fixes: #1385
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Gopkg.lock says it's "dbea6f2bd41658b84b00417ceefa416b979cbf10"
but it is actually "5017d4e9a9cf2d4381db99eacd9baf84b95bfb14".
We need to make sure Gopkg.lock does not lie otherwise `dep ensure`
would really fetch the locked revision and it causes build failure
due to API changes.
Introduced by: 76d9db3e0b (vendor: Add github.com/gogo/protobuf).
While at it, constraint containerd/cgroups to a working revision.
Fixes: #1447
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
When the container's rootfs is block storage backed such as devmapper,
shimv2 will not mount it on the host, instead it insert it into hypervisor
as a block device directly.
If kata's config set "disable_block_device_use" as true, it will mount
the rootfs onto host as before.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
container's rootfs is a string type, which cannot represent a
block storage backed rootfs which hasn't been mounted.
Change it to a mount alike struct as below:
RootFs struct {
// Source specify the BlockDevice path
Source string
// Target specify where the rootfs is mounted if it has been mounted
Target string
// Type specifies the type of filesystem to mount.
Type string
// Options specifies zero or more fstab style mount options.
Options []string
// Mounted specifies whether the rootfs has be mounted or not
Mounted bool
}
If the container's rootfs has been mounted as before, then this struct can be
initialized as: RootFs{Target: <rootfs>, Mounted: true} to be compatible with
previous case.
Fixes:#1158
Signed-off-by: lifupan <lifupan@gmail.com>
Share with the container the mkfs configuration file to use only the
filesystem features supported in the host.
fixes#270
Signed-off-by: Julio Montes <julio.montes@intel.com>
api.proto moved, resulting in a broken link. The original link wasn't
very useful in the first place, so simply remove.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Let's keep all design documents in the same logical location. Updating
the file to be called 'cpu-constraints', though we may want to expand to
resource constraints going forward.
Fixes: #417
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
When writing our runtime configs to crio.conf, let's add some
whitespace and comments to make it clearer, and fit in with the
rest of the crio.conf file.
Fixes: #412
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
On some systems the "runc" runtime isn't available or has a different
name. Allow the user to override the Docker runtime.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #268
rootfs.sh fails on machines with SELinux in enforcing mode if the
volumes aren't labelled.
This patch labels volumes so the container is able to access them.
In order to do this rootfs directory creation must be moved before the
Docker container is started. Previously docker-run(1) would create the
rootfs directory in the USE_DOCKER case.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes: #266
when use shim v2 interface to run container, no need to use kata-proxy
and kata-shim, remove kata-proxy and kata-shim in config file will cause
panic since type assertion. add check to avoid panic
Fixes: #1440
Signed-off-by: Ace-Tang <aceapril@126.com>
We no longer use the TrustedSandbox style annotations now we
have moved to the RuntimeClass method of choosing a runtime.
Drop the remaining Trusted items from the examples.
Fixes: #403
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
The "ephemeral" is just used to indicate ephemeral volumes in
runtime. We should not pass it to agent. Instead, "bind" should be
the correct mount type to be passed.
Fixes: #1438
Signed-off-by: Xie Yongji <xieyongji@baidu.com>
After we switched golang linter to golangci-lint, we has extra 'deadcode'
linter check, and we need to remove this linter check for all
generic items.
Fixes: #1432
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Re-implement image builder script to generate an image with a double MBR +
a DAX metadata. The DAX metadata is read by the NVDIMM driver to know the
beginning of the data in the pmem device.
This new image format is required to enable DAX in the kernels and hypervisors
that support NVDIMM, without breaking the compatibility with the kernels and
hypervisors that don't support it.
Following diagram shows how the resulting image will look like
```
.-----------.----------.---------------.-----------.
| 0 - 512 B | 4 - 8 Kb | 2M - 2M+512B | 3M |
|-----------+----------+---------------+-----------+
| MBR #1 | DAX | MBR #2 | Rootfs |
'-----------'----------'---------------'-----------+
| | ^ | ^
| '-data-' '--------'
| |
'--------rootfs-partition---------'
```
MBR: Master boot record.
DAX: Metadata required by the NVDIMM driver to enable DAX in the guest [1][2]
(struct nd_pfn_sb).
Rootfs: partition that contains the root filesystem (/usr, /bin, etc).
Kernels and hypervisors that support DAX/NVDIMM read the MBR #2,
otherwise MBR #1 is read.
[1] - https://github.com/kata-containers/osbuilder/blob/master/image-builder/\
nsdax.gpl.c
[2] - https://github.com/torvalds/linux/blob/master/drivers/nvdimm/pfn.hfixes#263
Signed-off-by: Julio Montes <julio.montes@intel.com>
